Three key agenda items for Canada’s next privacy commissioner

You can’t say Jennifer Stoddart didn’t go out with a bang.

Just a few days before Canada’s federal privacy commissioner is expected to end her tenure, she released a statement in response to Bill C-13, the Tory bill to combat cyber-bullying that some suggest will re-introduce the possibility of police spying on ISP records that was part of the so-called “Lawful Access” legislation that died earlier this year. She didn’t sound pleased.

“My Office was not consulted on the Bill and the first time we saw a copy was Wednesday, November 20th, when the legislation was tabled,” she wrote. “We look forward to sharing more comprehensive comments on the Bill with Parliament.”

Those comments, however, will need to come from Chantal Bernier, Stoddart’s assistant, who was appointed to an interim role earlier this week while a search for a successor begins. Whoever takes this job will have, to put it mildly, a considerable workload. Besides items like Bill C-13, the next privacy commissioner will need to be monitoring the impact of the Canadian Anti-Spam Legislation (CASL), pushing for Canadian data breach notification laws and urging the government to complete its long-delayed review of the Personal Information Protection and Electronic Documents Act (PIPEDA), which many suggest still lacks enough substance.

It’s not like this is the kind of work that can be dashed off quickly, either. Claudiu Popa, president of Toronto-based privacy consultancy Informatica Corp., described the privacy commissioner’s job as one that largely consists of waiting.

“When they make requests of organizations and government agencies, it takes a long time to receive a response or to get a meeting,” he said. “Just carrying on with the existing tasks, I think, will occupy if most if not all of Chantelle Bernier and her office’s time.”

That said, the next privacy commissioner will be coming on board in a much different era than the one that existed when Stoddart was appointed. Beyond the obvious social media and security threats to privacy, here are three others her successor will need to think about:

  • Wearable computing: When more people are walking around with Google Glass headsets or smartwatches like Samsung Galaxy Gear, there will be new possibilities for those devices to exchange or capture information in ways that aren’t fully understood by the general public. If location data emerged as a privacy issue when smartphones became common, expect that issue to escalate in the very near future.

  • The Internet of Everything: Vendors like Cisco and others are eagerly promoting the idea of embedding sensors into walls, cars and everyday objects. It’s unclear how well PIPEDA or other laws apply to in such a world, and what kind of machine-to-machine data should remain off-limits.

  • Big data: Many companies hope that they can use analytical software to better target customers and outsmart competitors using unstructured information, but a lot of that data - text messages, tweets, chat sessions -- were never intended to be analyzed by their creators. The devil in these details could easily run afoul of privacy rules.

Whoever takes over from Jennifer Stoddart in the long term, he or she will need to be fearless in representing citizens’ interests across a variety of technological dangers. This is a role that depends, in many ways, on education and advocacy. It’s about being vocal and articulate on behalf of those who may not even realize what’s happening to them. Odd as it may seem, there are few jobs more public than a privacy commissioner’s.

Search